Restricting Access to a Bucket to Specific Addresses

Procedure

1. En el panel de navegación de OBS Console, elija Object Storage.
2. En la lista de bucket, haga clic en el nombre del bucket que desee. Se muestra la página Objects.
3. In the navigation pane, choose Permissions > Bucket Policy.
4. Click Create.
5. In the first row of the template list, click Create Custom Policy on the right.
6. Configure parameters listed in the table below.

   Tabla 1 Restricting access to a bucket to specified addresses

   Parameter		Description
   Policy View		Visual editor
   Policy Name		Enter a custom name.
   Policy Content	Effect	Deny
   	Principal	Anonymous user User Policy: Include specified users.
   	Resources	Select the Current bucket and Object in bucket, and then select All objects. Resource Policy: Include specified resources.
   	Actions	Select * (indicating all actions). Operation Strategy: Include selected actions.
   	Conditions	Conditional Operator: IpAddress Key: SourceIP Value: 114.115.1.0/24

7. Click Next in the lower right corner to confirm the policy configuration.
8. Click Create in the lower right corner.

Verification

Initiate an access request from an IP address in the range of 114.115.1.0/24. The access is denied. Initiate an access request from an IP address beyond the range of 114.115.1.0/24. The access is allowed.

Scenario

To allow only a specified IP address to access the OBS bucket, set Condition Operator to NotIpAddress and specify the allowed IP address as the Value.